Abstract

This note describes a technique for generating large non-singular matrices
with blocks of full rank. Our motivation to construct such matrices
arises in the white-box implementation of cryptographic algorithms with
S-boxes.

1 Introduction and Notation 

This note describes a technique for generating large non-singular matrices with
blocks of full rank. One motivation is the following. For ciphers such as AES,
DES, and CAST involving linear transformations and substitution boxes
(S-boxes), white-box cryptographic implementations attempt to hide linear
transformations in the non-linear S-box lookups by blocking the matrices for the
linear transformations, and then non-linearly encoding the matrix operations by
converting the blocks into substitution boxes (S-boxes) with arbitrary bijective
input and output encodings. Security considerations dictate that the matrices
be hard to discover from the S-boxes. A bijective S-box leaks no information if
its input and output codings are unknown and arbitrary, whereas a lossy S-box
leaks information: distinct encoded inputs map to the same encoded output,
reducing the search space for encodings. This in turn means that blocks of
reduced rank should be avoided.

We now introduce our notation. Let ${}^n_m M$ denote an $n \times m$ matrix $M$ over
field $F$. ${}^n M$ is short for ${}^n_n M$. ${}^n I$ denotes an $n \times n$ identity matrix.
${}^n_m 0$ denotes an $n \times m$ zero matrix; ${}^n 0$ is short for ${}^n_n 0$. As usual,
$m_{ij}$ denotes the matrix $M$ element in row $i$ and column $j$.

(Footnote: We refer to this as $m$ inputs (columns) and $n$ outputs (rows), because
multiplying ${}^n_m M \, {}^m x$ yields a vector ${}^n y$.)

A matrix may be blocked into submatrices. For example,

is a blocked matrix with blocks A, B, C, D, each of which is itself a matrix.
Horizontally adjacent blocks must have the same number of rows, and vertically
adjacent blocks must have the same number of columns.

Where a matrix ${}^n_m M$ is blocked, and all of the blocks are square and have
the same dimensions $p \times p$ with $p \mid m$ and $p \mid n$, we use the notation
${}^n_m M[{}^p B]$ to denote an $n \times m$ matrix $M$ with ${}^p B$ blocks. Here $B_{i,j}$
denotes the block in row $i$ and column $j$ of blocks.

For convenience we give the following definition: 

Definition 1.1 If all the blocks $B_{i,j}$ in a block matrix ${}^n_m M[{}^p B]$ are invertible,
matrix $M$ is called an $(m, n, p)$ block invertible matrix. Furthermore, if $m = n$
and $M$ is invertible, then $M$ is called an $(m, p)$ block invertible square matrix.

In this note we describe a way to create a block invertible square matrix
${}^n M[{}^p B]$ for $p$ and $n$ natural numbers where $p \mid n$ and $p > 1$. One known technique
involves the Kronecker product, or tensor product, of matrices. If we can find
an invertible matrix $A$ such that all entries are nonzero in field $F$, its tensor
product $A \otimes B$ with another invertible matrix ${}^p B$ is a (p^ , p) block invertible
square matrix. However, this approach fails for cases where the matrix $A$ does
not exist — for example, when constructing (2*, 2) block invertible matrices over
GF(2). We provide a method of constructing block invertible matrices over any
field.

2 Preliminary Result 

First we prove the following result. 

Lemma 2.1 Let $p$ and $r$ be two integers with $p > 1$ and $p \ge r \ge 0$. Then there
exists a matrix ${}^p A$ such that




is an invertible matrix over field F . 



Proof: We construct a matrix ${}^p A$ such that $T$ is invertible, where




Case 1: If $r$ is even, define

with the I invertible matrix K -j^ ) on the diagonal. Therefore $A$ is invertible.
Since

has a determinant of 1, $T$ is invertible as each diagonal block is invertible:

Case 2: $r$ is odd. For $r = 1$, $A$ can be defined as

Since $p > 1$, we have $p - 2 \ge 0$. Note that $A$ is invertible, and

r= I +^=10

p-2o / \ P-2I

is also invertible.

For $r$ odd and $r > 1$, let $r = 2n + 3$ where $n \ge 0$. Now define $A$ to be



3 



A 



Note that 
which is invertible; and using the same argument as above, both $A$ and $T$ are
invertible. ■



3 Constructing a block invertible square matrix 

Before proceeding, we recall an elementary result used in the proof of our main 
result. 

Lemma 3.1 From Paley and Weichsel: For a given square matrix ${}^n M$ of
rank $r \le n$ over field $F$, there exist invertible matrices ${}^n P$ and ${}^n Q$ such that




Theorem 3.2 (Main result) For any field $F$, and for any positive integers
$n$ and $p$ such that $n \ge p$ and $p \mid n$, there exists an $(n, p)$ block invertible square
matrix.

Proof: We construct the matrix inductively. For the first step we find an
invertible square matrix ${}^p M$ over $F$. Note that there are infinitely many $p \times p$
invertible matrices over infinite field $F$ and there are

p-i 

i=0 

invertible matrices over finite field $F$ of order  These facts grant us a variety
of choices of ${}^p M$. This is a $(p, p)$ block invertible square matrix.

Now suppose we have found a $(t, p)$ block invertible square matrix $M$ with
$t \ge p$ and $p \mid t$. The third step is to construct a $(t + p, p)$ block invertible square
matrix.

It is not hard to see that there exists a $(p, t, p)$ block invertible matrix $X$
and a $(t, p, p)$ block invertible matrix $Y$. In fact $X$ and $Y$ can be constructed
from $M$ because $M$ is a $(t, p)$ block invertible square matrix.

Let ${}^p W$ be a matrix over $F$. Observing the following matrix equation:

$$\begin{pmatrix} M & 0 \\ X & W \end{pmatrix} \begin{pmatrix} I & M^{-1}Y \\ 0 & I \end{pmatrix} = \begin{pmatrix} M & Y \\ X & XM^{-1}Y + W \end{pmatrix}$$

we claim that if we can find a $p \times p$ invertible matrix $W$ such that $XM^{-1}Y + W$
is invertible, then matrix

$$N = \begin{pmatrix} M & Y \\ X & XM^{-1}Y + W \end{pmatrix}$$

is a $(t + p, p)$ invertible square matrix. In fact, if $W$ is invertible, the left side of
the matrix equation implies $N$ is invertible. Following the assumptions that $M$,
$X$, $Y$, and $XM^{-1}Y + W$ are $(t, p)$, $(p, t, p)$, $(t, p, p)$ and $(p, p)$ block invertible
matrices, respectively, by definition, $N$ is a block invertible square matrix. Such
a matrix $W$ can be constructed in the following way.



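From Lemma 3.1, for the $p \times p$ square matrix $XM^{-1}Y$, there exist two
invertible matrices ${}^p P$ and ${}^p Q$ such that

$$P(XM^{-1}Y)Q = \begin{pmatrix} {}^r I & {}^r_{p-r} 0 \\ {}^{p-r}_r 0 & {}^{p-r} 0 \end{pmatrix}$$

where $r$ is the rank of $XM^{-1}Y$. By Lemma 2.1, an invertible matrix ${}^p A$ exists
such that

$$\begin{pmatrix} {}^r I & {}^r_{p-r} 0 \\ {}^{p-r}_r 0 & {}^{p-r} 0 \end{pmatrix} + A$$

is invertible. Now we can define $W$ as $W = P^{-1} A Q^{-1}$. Then the matrix

$$XM^{-1}Y + W = P^{-1}\left(P(XM^{-1}Y)Q + A\right)Q^{-1} = P^{-1}\left(\begin{pmatrix} {}^r I & {}^r_{p-r} 0 \\ {}^{p-r}_r 0 & {}^{p-r} 0 \end{pmatrix} + A\right)Q^{-1}$$

is invertible, completing our construction. ■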



4 Example 

In the following example, for $F = GF(2)$, we construct an $(n, 2)$ block invertible
square matrix for any even number $n > 0$. All blocks mentioned below are of
dimension $2 \times 2$.

Since any invertible $2 \times 2$ matrix is a $(2, 2)$ block invertible square matrix, we
can safely assume that we already have a $(t, 2)$ block invertible square matrix
${}^t M$ for $t \ge 2$. We construct a $(t + 2, 2)$ block invertible square matrix ${}^{t+2} M'$ as
follows.
1. Use a row of blocks of matrix $M$ to create a matrix ${}^2_t X$.

2. Use a column of blocks of matrix $M$ to create a matrix ${}^t_2 Y$.

3. Get invertible matrices $P$ and $Q$ such that $P(XM^{-1}Y)Q = \begin{pmatrix} {}^r I & {}^r_{2-r} 0 \\ {}^{2-r}_r 0 & {}^{2-r} 0 \end{pmatrix}$.

4. Define matrix ${}^2 A$ as follows:

(a) if $r = 0$, $A = {}^2 I$;

(b) if $r = 1$, $A =$ G

(c) if $r = 2$, $A =$ (;

5. Then $\begin{pmatrix} M & Y \\ X & XM^{-1}Y + P^{-1}AQ^{-1} \end{pmatrix}$ is a $(t + 2, 2)$ block invertible matrix.

Repeat for $(n - 2)/2$ steps to obtain an $(n, 2)$ block invertible square matrix.
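The five steps above as runnable Python over GF(2) with 2 x 2 blocks. This is an added example, not code from the original note. Its assumptions: the matrices A for r = 1 and r = 2 are chosen here to satisfy Lemma 2.1 (the note's own choices are not legible on this page), P and Q are found by exhaustive search over the six invertible 2 x 2 matrices, and all function names are hypothetical.

```python
from itertools import product

def mul(A, B):  # matrix product over GF(2)
    return [[sum(a & b for a, b in zip(r, c)) & 1 for c in zip(*B)] for r in A]

def inv(M):  # Gauss-Jordan inverse over GF(2); None when M is singular
    n = len(M)
    aug = [list(r) + [int(i == j) for j in range(n)] for i, r in enumerate(M)]
    for c in range(n):
        piv = next((r for r in range(c, n) if aug[r][c]), None)
        if piv is None:
            return None
        aug[c], aug[piv] = aug[piv], aug[c]
        for r in range(n):
            if r != c and aug[r][c]:
                aug[r] = [x ^ y for x, y in zip(aug[r], aug[c])]
    return [row[n:] for row in aug]

CANDIDATES = ([[a, b], [c, d]] for a, b, c, d in product((0, 1), repeat=4))
GL2 = [m for m in CANDIDATES if inv(m)]        # the six invertible 2x2 matrices
NORMAL = {0: [[0, 0], [0, 0]], 1: [[1, 0], [0, 0]], 2: [[1, 0], [0, 1]]}
# Assumed A per rank r, chosen so that NORMAL[r] + A is invertible (Lemma 2.1).
A_FOR_RANK = {0: [[1, 0], [0, 1]], 1: [[0, 1], [1, 0]], 2: [[0, 1], [1, 1]]}

def find_w(S):
    """W = P^-1 A Q^-1, where P S Q is the rank normal form of S (Lemma 3.1)."""
    for P, Q in product(GL2, GL2):
        for r, normal in NORMAL.items():
            if mul(mul(P, S), Q) == normal:
                return mul(mul(inv(P), A_FOR_RANK[r]), inv(Q))

def extend(M):
    """Induction step: (t,2) block invertible M -> (t+2,2) block invertible N."""
    X = M[:2]                          # step 1: a row of blocks of M
    Y = [row[:2] for row in M]         # step 2: a column of blocks of M
    S = mul(mul(X, inv(M)), Y)         # X M^-1 Y
    corner = [[a ^ b for a, b in zip(r, s)] for r, s in zip(S, find_w(S))]
    return [m + y for m, y in zip(M, Y)] + [x + c for x, c in zip(X, corner)]

def is_block_invertible(M):
    idx = range(0, len(M), 2)
    blocks = ([row[j:j + 2] for row in M[i:i + 2]] for i in idx for j in idx)
    return inv(M) is not None and all(inv(b) is not None for b in blocks)

def build(n, seed=((1, 1), (0, 1))):
    M = [list(row) for row in seed]    # any invertible 2x2 matrix works as the base
    while len(M) < n:
        M = extend(M)
    return M
```

Because X is copied from a block row of M, XM^{-1}Y equals one block of M and r = 2 at every step of `build`; the r = 0 and r = 1 branches of `find_w` apply when X and Y are formed some other way.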